[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Nmh-workers] XOAUTH2 integration, and a few questions
From: |
Ken Hornstein |
Subject: |
[Nmh-workers] XOAUTH2 integration, and a few questions |
Date: |
Tue, 28 Jun 2016 16:39:29 -0400 |
Howdy all,
I've been meaning to look at the xoauth2 branch for a long time now, so
I finally sat down to look at it. I had a few questions; I guess Eric
is probably the best person to answer them, but if anyone else knows
the answers then feel free to speak up.
- From looking at the protocol document and the source code, it seems
that (using RFC 6749 termology) mhlogin gets an OAuth Authorization
Grant (involving the user's browser), and then uses it to get an
access token and a refresh token, and stores those in a credential
file (by default: oauth-gmail). Is that correct? Under what
circumstances will the refresh token be invalidated?
- If the access token is old, the refresh token is used to get a new
one. When you have an up-to-date access token, it's used to constrct
the SASL exchange for the XOAUTH2 mechanism. Is that correct?
In terms of the implementation ... I see only one wart that I dislike.
It looks like the access token is constructed by send(1) and passed down
in base64-encoded form to post(8) via the -authservice switch. I really
think it would be preferrable to just pass down the 'real' authservice
flag and have post(8) (well, probably the SMTP code) construct the
access token. If there's a reason it's done the way it is now, I
would like to understand it.
I think it's almost ready to go; do other agree?
--Ken
- [Nmh-workers] XOAUTH2 integration, and a few questions,
Ken Hornstein <=
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, David Levine, 2016/06/28
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/28
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Lyndon Nerenberg, 2016/06/28
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/28
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Lyndon Nerenberg, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Lyndon Nerenberg, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Valdis . Kletnieks, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/29